214 matches found
PT-2026-6344
The Login Disable module prevents users from logging in to your Drupal site unless they know the access key to add to the end of the login form page. default: If they provide the access key and have a specific role they can log in. The module does not check for the access key when using the HTTP...
Login Disable - Less critical - Access bypass - SA-CONTRIB-2026-008
The Login Disable module prevents users from logging in to your Drupal site unless they know the access key to add to the end of the login form page. default: http://example.com/user/login?admin If they provide the access key and have a specific role they can log in. The module does not check for...
PT-2026-6544
The Login Disable module prevents users from logging in to your Drupal site unless they know the access key to add to the end of the login form page. default: If they provide the access key and have a specific role they can log in. The module does not check for the access key when using the HTTP...
GHSA-R54G-49RX-98CR RustFS Logs Sensitive Credentials in Plaintext
Summary RustFS logs sensitive credential material access key, secret key, session token to application logs at INFO level. This results in credentials being recorded in plaintext in log output, which may be accessible to internal or external log consumers and could lead to compromise of sensitive...
CVE-2026-22806
vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to versions 4.6.0, 4.5.4, 4.4.2, and 4.3.10, when an access key is created with a limited scope, the scope can be bypassed to access resources outside of it. However, the user...
CVE-2023-43784
Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose component. NOTE: the vendor's position is that there is no security threat...
CVE-2024-58311
Dormakaba Saflok System 6000 is affected by CVE-2024-58311 due to a predictable key generation algorithm that lets an attacker derive card access keys from a 32-bit card identifier. The underlying issue is a deterministic key derivation process, enabling key computation without requiring addition...
EUVD-2025-33395
BBOT's gitlab.py exposes globally configured "gitlab" API key...
GHSA-P3V4-C93G-CMHW BBOT's gitlab.py exposes globally configured "gitlab" API key
Summary bbot's gitlab.py sends the user's "gitlab" API key to on-premise GitLab instances. If a user has configured a gitlab.com API key using this mechanism, it may be leaked to an attacker-controlled server. Impact A user with a "gitlab" API key configured who uses bbot to scan a malicious...
CVE-2025-10282
BBOT's gitlab module exposes GitLab API keys by using a maliciously formatted git URL, leading to information exposure to an attacker-controlled server. Multiple sources (including Red Hat CVE entry and accompanying advisories) describe the issue as a leak of the user’s API key when bb ot process...
PT-2025-41395
Name of the Vulnerable Software and Affected Versions BBOT affected versions not specified Description The gitlab module in BBOT may allow an attacker to disclose a GitLab API key to a server under their control by using a maliciously formatted git URL. This could potentially lead to unauthorized...
PT-2025-41394
Name of the Vulnerable Software and Affected Versions BBOT affected versions not specified Description The git clone module in BBOT may allow an attacker to disclose a GitHub API key to a server they control by using a maliciously formatted git URL. The issue involves the potential exposure of th...
EUVD-2020-0607
Malware in sbrugna...
EUVD-2018-15613
Malware in sbrugna...
EUVD-2020-20285
Malware in sbrugna...
EUVD-2004-2722
Malware in sbrugna...
EUVD-2014-4939
Malware in sbrugna...
EUVD-2018-15699
Malware in sbrugna...
EUVD-2016-0909
Malware in sbrugna...
EUVD-2020-3402
Malware in sbrugna...